The page you're viewing is for English (ASIA) region.

Objective

We are committed to providing secure products to our customers and take all security concerns seriously.  We work to quickly review, validate and remediate vulnerabilities submitted to us.

The Vertiv Security Incident Response Team (SIRT) objective is to minimize security risk by providing timely information and remediation of vulnerabilities in our network, web properties and products. This includes software, hardware, services and solutions.

The SIRT manages the receipt, analysis, investigation and remediation of security issues. The SIRT will also coordinate the disclosure of security vulnerability information.

We welcome reports from independent researchers, industry organizations, vendors and customers concerned with security.

Report a Security Concern

800x600-217263_244965.jpg

Policy

Our policy is to follow a coordinated vulnerability disclosure process. This process allows independent parties that discover a vulnerability in a Vertiv product to disclose those concerns to Vertiv directly, giving us time to investigate and remediate before the vulnerability is disclosed publicly. This protects Vertiv’s customers while acknowledging the reporters’ efforts. If a reported vulnerability relates to a vendor product, the SIRT will coordinate with the vendor to remediate the vulnerability. The SIRT will communicate with the reporter throughout the vulnerability investigation and will provide mutually agreeable next steps.

We encourage coordinated disclosure of product security vulnerabilities. Security researchers, industry groups, government organizations and vendors can report potential product security vulnerabilities to Vertiv.

Report a Product Security Concern

If the vulnerability affects only a Vertiv product, please click “Report a Product Security Concern” below.

Please include the following:

  • Product and version
  • Description of the potential vulnerability
  • Any special configuration required to reproduce the issue
  • Proof of concept or exploit code, if available
  • Potential Impact
  • CVE #
  • Company or Organization
  • Tool used to uncover potential vulnerability

Report other Security Concerns

For all other security issues, please click “Report other Security Concerns” below. 

 

Please include the following:

  • Website URL or location
  • Type of potential vulnerability (XSS, Injection, etc.)
  • Instructions to reproduce the potential vulnerability
  • Proof of concept or exploit code, including how an attacker could exploit the potential vulnerability
  • Potential impact

We take security concerns seriously and work to evaluate and address them in a timely manner. Response timelines will depend on many factors, including: the severity, the product affected, the current development cycle, QA cycles, and whether the issue can only be updated in a major release.

Remediation may take one or more of the following forms:

  • A new release
  • A patch
  • Instructions to download and install an update or patch from a third-party
  • A workaround to mitigate the vulnerability

Notwithstanding the foregoing, not all reported concerns will result in validated vulnerabilities and we do not guarantee a specific resolution for all reported concerns.

Language & Location